I was having a discussion with a coworker recently (we both work in the IT / cybersecurity space) and discovered that they have been recommending to other employees and supported departments within the organization NOT to opt out of data brokers proliferating your personal data on aggregator sites. Their rationale was that it would make a given individual “an anomaly” and increase a threat’s interest in them. I lurk on privacy guides and every other privacy focused forum daily and in the several years I’ve been in this field and following the resources i have never once heard this opinion.
I could see where if you did a search on yourself and found that all the data was misattributed to another person with a similar name where it would lead prying eyes on a wild goose chase. But if I had all of my accurate data available for anyone to see by just doing a quick fastpeoplesearch check, well they now have my current address, phone, email and close connections as a start.
What benefit would keeping accurate data up on these sites have to a person? I get different threat models. But even in going down the list of usual suspects i cant identify any clear reason based on threat. This is a largely US issue for one, and data privacy is not common across the board. Its becoming more “mainstream” to take control of our data and if i found out someone was making copies of my house key, i wouldn’t just let it keep happening. I’m changing the lock. It would be ridiculous to say “well if you change your locks they’ll think you have something to hide”.
Any input from the group would be appreciated. I don’t want or need justification for why opting out is important, i am looking for a devils advocate in why someone would leave their accurate and current data on these sites.
You asked for a devil’s advocate perspective, so here’s a scenario where keeping accurate data might be beneficial, from an organizational standpoint rather than strictly personal:
Someone might argue to keep accurate information out there is that it helps security teams know exactly what’s exposed, making threat modeling and defense strategies clearer. If data is inaccurate or incomplete, it could unintentionally redirect threats toward more vulnerable targets or create confusion about actual risks.
Also, opting out often turns into an endless game since new aggregator sites keep popping up. Keeping your data consistent and predictable at least lets you quickly spot when something unusual appears or changes, making early detection of threats easier.
Not saying this justifies leaving your data online. Just offering another perspective!
I can see this line of thought. Similar to using specific emails for various services to identify who’s selling your data. But i agree, not the route i am gonna take, and not what i would recommend to anyone. I think your position you put forward here can be accomplished while also deleting and opting out though. Basically identify and remove. Reduce exposure footprint and make it easier to identify the source. Or something like that. But thanks for the reply. Gave me some angles to think about.
You generally shouldn’t opt-out of these databases if the databases themselves are not public, for the reason you gave. It does not make a ton of sense to proactively give them any more information then they already have.
This is why we don’t have recommendations for Europeans, for example, even though it is frequently asked by Europeans here in our community. Data brokers are a problem there, but there is just not much that Europeans should/can do about them individually.
Unfortunately, since in the United States most of them are public, this argument does not really apply to Americans.
There are plenty of reasons an American might still choose to not opt-out. Maybe they do not deem the threat a high enough risk to worry about in their situation. This is what threat modeling’s all about, and frankly some people have bigger fish to fry.
Any of the reasons to not opt-out are neutral at best though. I can’t think of any reason leaving information up would be actively better than taking it down in the US, to be honest.
I would not opt out. This way I am just a normie whose data is stolen. What I want as a secret I keep it that way. If I would have to use online services in that context I keep that away from my normie account even from my usual network. But luckily I have no such things at all.